diff --git a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
index 1bb9ee3..af46f2b 100644
--- a/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
+++ b/0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
@@ -16,7 +16,7 @@ index 44850a9..b6927d0 100644
  // Define the maximum debug and assert message length that this library supports
  //
 -#define MAX_DEBUG_MESSAGE_LENGTH  0x100
-+#define MAX_DEBUG_MESSAGE_LENGTH  0x200
++#define MAX_DEBUG_MESSAGE_LENGTH  0x200
  
  /**
    This constructor function does not have to do anything.
diff --git a/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch b/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
new file mode 100644
index 0000000..308fddb
--- /dev/null
+++ b/0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
@@ -0,0 +1,73 @@
+From: Ruiyu Ni <ruiyu.ni@intel.com>
+Subject: [PATCH] MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource
+Date: Thu, 16 Nov 2017 18:15:14 +0100
+
+The bug was caused by 728d74973c9262b6c7b7ef4be213223d55affec3
+"MdeModulePkg/PciBus: Count multiple hotplug resource paddings".
+
+The patch firstly updated the Bridge->Alignment to the maximum
+alignment of all devices under the bridge, then aligned the
+Bridge->Length to Bridge->Alignment.
+It caused too much resources were claimed.
+
+The new patch firstly aligns Bridge->Length to Bridge->Alignment,
+then updates the Bridge->Alignment to the maximum alignment of all
+devices under the bridge.
+Because the step to update the Bridge->Alignment is to make sure
+the resource allocated to the bus under the Bridge meets all
+devices alignment. But the Bridge->Length doesn't have to align
+to the maximum alignment.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
+Reviewed-by: Eric Dong <eric.dong@intel.com>
+(cherry picked from commit 6e3287442774c1a4bc83f127694700eeb07c18dc)
+---
+ MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c | 24 ++++++++++----------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
+index 8dbe9a00380f..2f713fcee95e 100644
+--- a/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
++++ b/MdeModulePkg/Bus/Pci/PciBusDxe/PciResourceSupport.c
+@@ -389,18 +389,7 @@ CalculateResourceAperture (
+   }
+ 
+   //
+-  // Adjust the bridge's alignment to the MAX (first) alignment of all children.
+-  //
+-  CurrentLink = Bridge->ChildList.ForwardLink;
+-  if (CurrentLink != &Bridge->ChildList) {
+-    Node = RESOURCE_NODE_FROM_LINK (CurrentLink);
+-    if (Node->Alignment > Bridge->Alignment) {
+-      Bridge->Alignment = Node->Alignment;
+-    }
+-  }
+-
+-  //
+-  // At last, adjust the aperture with the bridge's alignment
++  // Adjust the aperture with the bridge's alignment
+   //
+   Aperture[PciResUsageTypical] = ALIGN_VALUE (Aperture[PciResUsageTypical], Bridge->Alignment + 1);
+   Aperture[PciResUsagePadding] = ALIGN_VALUE (Aperture[PciResUsagePadding], Bridge->Alignment + 1);
+@@ -410,6 +399,17 @@ CalculateResourceAperture (
+   // Use the larger one between the padding resource and actual occupied resource.
+   //
+   Bridge->Length = MAX (Aperture[PciResUsageTypical], Aperture[PciResUsagePadding]);
++
++  //
++  // Adjust the bridge's alignment to the MAX (first) alignment of all children.
++  //
++  CurrentLink = Bridge->ChildList.ForwardLink;
++  if (CurrentLink != &Bridge->ChildList) {
++    Node = RESOURCE_NODE_FROM_LINK (CurrentLink);
++    if (Node->Alignment > Bridge->Alignment) {
++      Bridge->Alignment = Node->Alignment;
++    }
++  }
+ }
+ 
+ /**
+-- 
+2.14.1.3.gb7cf6e02401b
+
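Review bot: The relocated block in CalculateResourceAperture reads only the first entry of Bridge->ChildList and treats it as the maximum child alignment, which holds only if the list is kept sorted by descending alignment; the comment `Adjust the bridge's alignment to the MAX (first) alignment of all children.` does not say so. Since the position of this step relative to the ALIGN_VALUE calls is now the whole fix, I would extend the comment, for example `// Must run after Bridge->Length is computed: Length is aligned to the bridge's own alignment only; Alignment is then raised to the largest child alignment (first list entry).` The function body starts outside both inner hunks, so the list ordering is inferred from the existing comment rather than visible here.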
diff --git a/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch b/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
new file mode 100644
index 0000000..0a9a1ba
--- /dev/null
+++ b/0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
@@ -0,0 +1,34 @@
+From: Ruiyu Ni <ruiyu.ni@intel.com>
+Subject: [PATCH] MdeModulePkg/Bds: Remove assertion in BmCharToUint
+Date: Thu, 16 Nov 2017 18:04:42 +0100
+
+BmCharToUint() could be called using external data and it
+already contains logic to return -1 when data is invalid,
+so removing unnecessary assertion to avoid system hang.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Star Zeng <star.zeng@intel.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+(cherry picked from commit 618ef6f9bae14e1543d61993ab7ab8992063e4cc)
+---
+ MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
+index 11ab86792a52..a3fa25424592 100644
+--- a/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
++++ b/MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c
+@@ -420,7 +420,6 @@ BmCharToUint (
+     return (Char - L'A' + 0xA);
+   }
+ 
+-  ASSERT (FALSE);
+   return (UINTN) -1;
+ }
+ 
+-- 
+2.14.1.3.gb7cf6e02401b
+
+
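Review bot: With `ASSERT (FALSE)` removed, `return (UINTN) -1;` is the only signal BmCharToUint gives for an invalid character, and nothing at the return site records that. The commit message says the input can be external data, so every caller has to check the sentinel. I would add a comment above the return such as `// Invalid character: callers must check for (UINTN) -1, Char may originate from external data.` and mirror it in the function's return documentation. The function's header comment and the start of its body are outside the hunk, so whether the -1 return is already documented there cannot be confirmed from this page.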
diff --git a/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch b/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch
new file mode 100644
index 0000000..231a96e
--- /dev/null
+++ b/0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch
@@ -0,0 +1,105 @@
+From: Ruiyu Ni <ruiyu.ni@intel.com>
+Subject: [PATCH] MdeModulePkg/Bds: Check variable name even *if* OptionNumber is NULL
+Date: Thu, 16 Nov 2017 18:04:43 +0100
+
+Current implementation skips to check whether the last four
+characters are digits when the OptionNumber is NULL.
+Even worse, it may incorrectly return FALSE when OptionNumber is
+NULL.
+
+The patch fixes it to always check the variable name even
+OptionNumber is NULL.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Signed-off-by: Ruiyu Ni <ruiyu.ni@intel.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 5e6e2dcc380dcd841f6f979fea8c302c80a87ec3)
+---
+ MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c | 45 +++++++++++++-------
+ 1 file changed, 30 insertions(+), 15 deletions(-)
+
+diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
+index b0a35058d02b..32918caf324c 100644
+--- a/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
++++ b/MdeModulePkg/Library/UefiBootManagerLib/BmLoadOption.c
+@@ -785,6 +785,8 @@ EfiBootManagerIsValidLoadOptionVariableName (
+   UINTN                             VariableNameLen;
+   UINTN                             Index;
+   UINTN                             Uint;
++  EFI_BOOT_MANAGER_LOAD_OPTION_TYPE LocalOptionType;
++  UINT16                            LocalOptionNumber;
+ 
+   if (VariableName == NULL) {
+     return FALSE;
+@@ -792,39 +794,52 @@ EfiBootManagerIsValidLoadOptionVariableName (
+ 
+   VariableNameLen = StrLen (VariableName);
+ 
++  //
++  // Return FALSE when the variable name length is too small.
++  //
+   if (VariableNameLen <= 4) {
+     return FALSE;
+   }
+ 
+-  for (Index = 0; Index < ARRAY_SIZE (mBmLoadOptionName); Index++) {
+-    if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[Index])) &&
+-        (StrnCmp (VariableName, mBmLoadOptionName[Index], VariableNameLen - 4) == 0)
++  //
++  // Return FALSE when the variable name doesn't start with Driver/SysPrep/Boot/PlatformRecovery.
++  //
++  for (LocalOptionType = 0; LocalOptionType < ARRAY_SIZE (mBmLoadOptionName); LocalOptionType++) {
++    if ((VariableNameLen - 4 == StrLen (mBmLoadOptionName[LocalOptionType])) &&
++        (StrnCmp (VariableName, mBmLoadOptionName[LocalOptionType], VariableNameLen - 4) == 0)
+         ) {
+       break;
+     }
+   }
++  if (LocalOptionType == ARRAY_SIZE (mBmLoadOptionName)) {
++    return FALSE;
++  }
+ 
+-  if (Index == ARRAY_SIZE (mBmLoadOptionName)) {
++  //
++  // Return FALSE when the last four characters are not hex digits.
++  //
++  LocalOptionNumber = 0;
++  for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) {
++    Uint = BmCharToUint (VariableName[Index]);
++    if (Uint == -1) {
++      break;
++    } else {
++      LocalOptionNumber = (UINT16) Uint + LocalOptionNumber * 0x10;
++    }
++  }
++  if (Index != VariableNameLen) {
+     return FALSE;
+   }
+ 
+   if (OptionType != NULL) {
+-    *OptionType = (EFI_BOOT_MANAGER_LOAD_OPTION_TYPE) Index;
++    *OptionType = LocalOptionType;
+   }
+ 
+   if (OptionNumber != NULL) {
+-    *OptionNumber = 0;
+-    for (Index = VariableNameLen - 4; Index < VariableNameLen; Index++) {
+-      Uint = BmCharToUint (VariableName[Index]);
+-      if (Uint == -1) {
+-        break;
+-      } else {
+-        *OptionNumber = (UINT16) Uint + *OptionNumber * 0x10;
+-      }
+-    }
++    *OptionNumber = LocalOptionNumber;
+   }
+ 
+-  return (BOOLEAN) (Index == VariableNameLen);
++  return TRUE;
+ }
+ 
+ /**
+-- 
+2.14.1.3.gb7cf6e02401b
+
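Review bot: `if (Uint == -1)` in the new digit loop compares a UINTN with a signed literal and works only through the implicit conversion of -1. BmCharToUint returns `(UINTN) -1`, so `if (Uint == (UINTN) -1)` states the sentinel explicitly and avoids sign-compare warnings. Separately, LocalOptionType is declared as EFI_BOOT_MANAGER_LOAD_OPTION_TYPE but serves as the loop counter and is compared with `ARRAY_SIZE (mBmLoadOptionName)`, so on the not-found path it holds a value outside the enum; a UINTN index with a cast when storing to `*OptionType`, as the removed code did, would be cleaner. The function's parameter list and header comment are outside the hunk.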
diff --git a/0022-OvmfPkg-make-it-a-proper-BASE-library.patch b/0022-OvmfPkg-make-it-a-proper-BASE-library.patch
new file mode 100644
index 0000000..79f6284
--- /dev/null
+++ b/0022-OvmfPkg-make-it-a-proper-BASE-library.patch
@@ -0,0 +1,50 @@
+From d9edd0b560db7d32b8b93e82d7051d5cf58e9744 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 16 Nov 2017 20:52:57 +0100
+Subject: [PATCH 1/3] OvmfPkg: make it a proper BASE library
+
+Remove Uefi.h, which includes UefiSpec.h, and change the
+return value to match RETURN_STATUS.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jordan Justen (Intel address) <jordan.l.justen@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 5435767c1c..74f4d9c2d6 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -15,7 +15,6 @@
+ **/
+ 
+ #include <Base.h>
+-#include <Uefi.h>
+ #include <Library/DebugLib.h>
+ #include <Library/BaseLib.h>
+ #include <Library/IoLib.h>
+@@ -32,7 +31,7 @@
+ /**
+   This constructor function does not have to do anything.
+ 
+-  @retval EFI_SUCCESS   The constructor always returns RETURN_SUCCESS.
++  @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
+ 
+ **/
+ RETURN_STATUS
+@@ -41,7 +40,7 @@ PlatformDebugLibIoPortConstructor (
+   VOID
+   )
+ {
+-  return EFI_SUCCESS;
++  return RETURN_SUCCESS;
+ }
+ 
+ /**
+-- 
+2.14.3
+
diff --git a/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch b/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
new file mode 100644
index 0000000..37dab9f
--- /dev/null
+++ b/0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
@@ -0,0 +1,254 @@
+From ba774b89b5a206c71a2ce0db8184747fac0f6af7 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Thu, 16 Nov 2017 10:33:29 +0100
+Subject: [PATCH 2/3] OvmfPkg: create a separate PlatformDebugLibIoPort
+ instance for SEC
+
+The next patch will want to add a global variable to
+PlatformDebugLibIoPort, but this is not suitable for the SEC
+phase, because SEC runs from read-only flash.  The solution is
+to have two library instances, one for SEC and another
+for all other firmware phases.  This patch adds the "plumbing"
+for the SEC library instance, separating the INF files and
+moving the constructor to a separate C source file.
+
+Contributed-under: TianoCore Contribution Agreement 1.1
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jordan Justen (Intel address) <jordan.l.justen@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ OvmfPkg/OvmfPkgIa32.dsc                            |  2 +-
+ OvmfPkg/OvmfPkgIa32X64.dsc                         |  2 +-
+ OvmfPkg/OvmfPkgX64.dsc                             |  2 +-
+ .../PlatformDebugLibIoPort.inf                     |  3 +-
+ .../PlatformRomDebugLibIoPort.inf                  | 52 ++++++++++++++++++++++
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c  | 15 -------
+ .../PlatformDebugLibIoPort/DebugLibDetect.c        | 31 +++++++++++++
+ .../PlatformDebugLibIoPort/DebugLibDetectRom.c     | 31 +++++++++++++
+ 8 files changed, 119 insertions(+), 19 deletions(-)
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index c2f534fdbf..7ccb61147f 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -207,7 +207,7 @@ [LibraryClasses.common.SEC]
+ !ifdef $(DEBUG_ON_SERIAL_PORT)
+   DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ !else
+-  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ !endif
+   ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+   ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 9f300a2e6f..237ec71b5e 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -212,7 +212,7 @@ [LibraryClasses.common.SEC]
+ !ifdef $(DEBUG_ON_SERIAL_PORT)
+   DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ !else
+-  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ !endif
+   ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+   ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 1ffcf37f8b..a5047fa38e 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -212,7 +212,7 @@ [LibraryClasses.common.SEC]
+ !ifdef $(DEBUG_ON_SERIAL_PORT)
+   DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
+ !else
+-  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++  DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+ !endif
+   ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
+   ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+index 0e74fe94cb..de3c2f542b 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+@@ -21,7 +21,7 @@ [Defines]
+   FILE_GUID                      = DF934DA3-CD31-49FE-AF50-B3C87C79325F
+   MODULE_TYPE                    = BASE
+   VERSION_STRING                 = 1.0
+-  LIBRARY_CLASS                  = DebugLib
++  LIBRARY_CLASS                  = DebugLib|PEI_CORE PEIM DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER SMM_CORE DXE_SMM_DRIVER UEFI_DRIVER UEFI_APPLICATION
+   CONSTRUCTOR                    = PlatformDebugLibIoPortConstructor
+ 
+ #
+@@ -30,6 +30,7 @@ [Defines]
+ 
+ [Sources]
+   DebugLib.c
++  DebugLibDetect.c
+ 
+ [Packages]
+   MdePkg/MdePkg.dec
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+new file mode 100644
+index 0000000000..491c0318de
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+@@ -0,0 +1,52 @@
++## @file
++#  Instance of Debug Library for the QEMU debug console port.
++#  It uses Print Library to produce formatted output strings.
++#
++#  Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
++#  Copyright (c) 2017, Red Hat, Inc.<BR>
++#
++#  This program and the accompanying materials
++#  are licensed and made available under the terms and conditions of the BSD License
++#  which accompanies this distribution. The full text of the license may be found at
++#  http://opensource.org/licenses/bsd-license.php.
++#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++#
++#
++##
++
++[Defines]
++  INF_VERSION                    = 0x00010005
++  BASE_NAME                      = PlatformRomDebugLibIoPort
++  FILE_GUID                      = CEB0D9D3-328F-4C24-8C02-28FA1986AE1B
++  MODULE_TYPE                    = BASE
++  VERSION_STRING                 = 1.0
++  LIBRARY_CLASS                  = DebugLib|SEC
++  CONSTRUCTOR                    = PlatformRomDebugLibIoPortConstructor
++
++#
++#  VALID_ARCHITECTURES           = IA32 X64 IPF EBC
++#
++
++[Sources]
++  DebugLib.c
++  DebugLibDetectRom.c
++
++[Packages]
++  MdePkg/MdePkg.dec
++  OvmfPkg/OvmfPkg.dec
++
++[LibraryClasses]
++  BaseMemoryLib
++  IoLib
++  PcdLib
++  PrintLib
++  BaseLib
++  DebugPrintErrorLevelLib
++
++[Pcd]
++  gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort                ## CONSUMES
++  gEfiMdePkgTokenSpaceGuid.PcdDebugClearMemoryValue        ## CONSUMES
++  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask            ## CONSUMES
++  gEfiMdePkgTokenSpaceGuid.PcdFixedDebugPrintErrorLevel    ## CONSUMES
++
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 74f4d9c2d6..5a1c86f2c3 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -28,21 +28,6 @@
+ //
+ #define MAX_DEBUG_MESSAGE_LENGTH  0x200
+ 
+-/**
+-  This constructor function does not have to do anything.
+-
+-  @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
+-
+-**/
+-RETURN_STATUS
+-EFIAPI
+-PlatformDebugLibIoPortConstructor (
+-  VOID
+-  )
+-{
+-  return RETURN_SUCCESS;
+-}
+-
+ /**
+   Prints a debug message to the debug output device if the specified error level is enabled.
+ 
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+new file mode 100644
+index 0000000000..bad054f286
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+@@ -0,0 +1,31 @@
++/** @file
++  Constructor code for QEMU debug port library.
++  Non-SEC instance.
++
++  Copyright (c) 2017, Red Hat, Inc.<BR>
++  This program and the accompanying materials
++  are licensed and made available under the terms and conditions of the BSD License
++  which accompanies this distribution.  The full text of the license may be found at
++  http://opensource.org/licenses/bsd-license.php.
++
++  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include <Base.h>
++
++/**
++  This constructor function does not have anything to do.
++
++  @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
++
++**/
++RETURN_STATUS
++EFIAPI
++PlatformDebugLibIoPortConstructor (
++  VOID
++  )
++{
++  return RETURN_SUCCESS;
++}
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+new file mode 100644
+index 0000000000..83a118a0f7
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+@@ -0,0 +1,31 @@
++/** @file
++  Constructor code for QEMU debug port library.
++  SEC instance.
++
++  Copyright (c) 2017, Red Hat, Inc.<BR>
++  This program and the accompanying materials
++  are licensed and made available under the terms and conditions of the BSD License
++  which accompanies this distribution.  The full text of the license may be found at
++  http://opensource.org/licenses/bsd-license.php.
++
++  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#include <Base.h>
++
++/**
++  This constructor function does not have anything to do.
++
++  @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
++
++**/
++RETURN_STATUS
++EFIAPI
++PlatformRomDebugLibIoPortConstructor (
++  VOID
++  )
++{
++  return RETURN_SUCCESS;
++}
+-- 
+2.14.3
+
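Review bot: Neither DebugLibDetectRom.c nor PlatformRomDebugLibIoPort.inf records why a separate SEC instance exists; the only explanation (SEC runs from read-only flash, so this instance cannot hold a writable global) is in the commit message. I would add it to the file header of DebugLibDetectRom.c, for example `SEC instance: runs from read-only flash, so this file must not define writable global variables.` The new INF also keeps the description `Instance of Debug Library for the QEMU debug console port.` unchanged from the original; it should say that this is the SEC (ROM) instance, so the two INF files can be told apart when a DSC maps DebugLib for a module type.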
diff --git a/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch b/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch
new file mode 100644
index 0000000..3833c10
--- /dev/null
+++ b/0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch
@@ -0,0 +1,270 @@
+From b23853af6eb71e4c9b2e2d235b1db80541d33116 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 15 Nov 2017 18:01:00 +0100
+Subject: [PATCH 3/3] OvmfPkg: save on I/O port accesses when the debug port is
+ not in use
+
+When SEV is enabled, every debug message printed by OVMF to the
+QEMU debug port traps from the guest to QEMU character by character
+because "REP OUTSB" cannot be used by IoWriteFifo8.  Furthermore,
+when OVMF is built with the DEBUG_VERBOSE bit (value 0x00400000)
+enabled in "gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel", then the
+OvmfPkg/IoMmuDxe driver, and the OvmfPkg/Library/BaseMemEncryptSevLib
+library instance that is built into it, produce a huge amount of
+log messages.  Therefore, in SEV guests, the boot time impact is huge
+(about 45 seconds _additional_ time spent writing to the debug port).
+
+While these messages are very useful for analyzing guest behavior,
+most of the time the user won't be capturing the OVMF debug log.
+In fact libvirt does not provide a method for configuring log capture;
+users that wish to do this (or are instructed to do this) have to resort
+to <qemu:arg>.
+
+The debug console device provides a handy detection mechanism; when read,
+it returns 0xE9 (which is very much unlike the 0xFF that is returned by
+an unused port).  Use it to skip the possibly expensive OUT instructions
+when the debug I/O port isn't plugged anywhere.
+
+For SEC, the debug port has to be read before each full message.
+However:
+
+- if the debug port is available, then reading one byte before writing
+a full message isn't tragic, especially because SEC doesn't print many
+messages
+
+- if the debug port is not available, then reading one byte instead of
+writing a full message is still a win.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Cc: Laszlo Ersek <lersek@redhat.com>
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Jordan Justen (Intel address) <jordan.l.justen@intel.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ .../PlatformDebugLibIoPort/DebugLibDetect.h        | 57 ++++++++++++++++++++++
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c  | 28 +++++++++--
+ .../PlatformDebugLibIoPort/DebugLibDetect.c        | 30 ++++++++++--
+ .../PlatformDebugLibIoPort/DebugLibDetectRom.c     | 21 +++++++-
+ 4 files changed, 127 insertions(+), 9 deletions(-)
+ create mode 100644 OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h
+new file mode 100644
+index 0000000000..1f739b55d8
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.h
+@@ -0,0 +1,57 @@
++/** @file
++  Base Debug library instance for QEMU debug port.
++  It uses PrintLib to send debug messages to a fixed I/O port.
++
++  Copyright (c) 2017, Red Hat, Inc.<BR>
++  This program and the accompanying materials
++  are licensed and made available under the terms and conditions of the BSD License
++  which accompanies this distribution.  The full text of the license may be found at
++  http://opensource.org/licenses/bsd-license.php.
++
++  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++
++**/
++
++#ifndef __DEBUG_IO_PORT_DETECT_H__
++#define __DEBUG_IO_PORT_DETECT_H__
++
++#include <Base.h>
++
++//
++// The constant value that is read from the debug I/O port
++//
++#define BOCHS_DEBUG_PORT_MAGIC    0xE9
++
++
++/**
++  Helper function to return whether the virtual machine has a debug I/O port.
++  PlatformDebugLibIoPortFound can call this function directly or cache the
++  result.
++
++  @retval TRUE   if the debug I/O port device was detected.
++  @retval FALSE  otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortDetect (
++  VOID
++  );
++
++/**
++  Return whether the virtual machine has a debug I/O port.  DebugLib.c
++  calls this function instead of PlatformDebugLibIoPortDetect, to allow
++  caching if possible.
++
++  @retval TRUE   if the debug I/O port device was detected.
++  @retval FALSE  otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortFound (
++  VOID
++  );
++
++#endif
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 5a1c86f2c3..36cde54976 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -22,6 +22,7 @@
+ #include <Library/PcdLib.h>
+ #include <Library/BaseMemoryLib.h>
+ #include <Library/DebugPrintErrorLevelLib.h>
++#include "DebugLibDetect.h"
+ 
+ //
+ // Define the maximum debug and assert message length that this library supports
+@@ -61,9 +62,10 @@ DebugPrint (
+   ASSERT (Format != NULL);
+ 
+   //
+-  // Check driver debug mask value and global mask
++  // Check if the global mask disables this message or the device is inactive
+   //
+-  if ((ErrorLevel & GetDebugPrintErrorLevel ()) == 0) {
++  if ((ErrorLevel & GetDebugPrintErrorLevel ()) == 0 ||
++      !PlatformDebugLibIoPortFound ()) {
+     return;
+   }
+ 
+@@ -120,9 +122,11 @@ DebugAssert (
+              FileName, (UINT64)LineNumber, Description);
+ 
+   //
+-  // Send the print string to the debug I/O port
++  // Send the print string to the debug I/O port, if present
+   //
+-  IoWriteFifo8 (PcdGet16 (PcdDebugIoPort), Length, Buffer);
++  if (PlatformDebugLibIoPortFound ()) {
++    IoWriteFifo8 (PcdGet16 (PcdDebugIoPort), Length, Buffer);
++  }
+ 
+   //
+   // Generate a Breakpoint, DeadLoop, or NOP based on PCD settings
+@@ -265,3 +269,19 @@ DebugPrintLevelEnabled (
+ {
+   return (BOOLEAN) ((ErrorLevel & PcdGet32(PcdFixedDebugPrintErrorLevel)) != 0);
+ }
++
++/**
++  Return the result of detecting the debug I/O port device.
++
++  @retval TRUE   if the debug I/O port device was detected.
++  @retval FALSE  otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortDetect (
++  VOID
++  )
++{
++  return IoRead8 (PcdGet16 (PcdDebugIoPort)) == BOCHS_DEBUG_PORT_MAGIC;
++}
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+index bad054f286..81c44eece9 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetect.c
+@@ -1,6 +1,6 @@
+ /** @file
+-  Constructor code for QEMU debug port library.
+-  Non-SEC instance.
++  Detection code for QEMU debug port.
++  Non-SEC instance, caches the result of detection.
+ 
+   Copyright (c) 2017, Red Hat, Inc.<BR>
+   This program and the accompanying materials
+@@ -14,9 +14,16 @@
+ **/
+ 
+ #include <Base.h>
++#include "DebugLibDetect.h"
++
++//
++// Set to TRUE if the debug I/O port is enabled
++//
++STATIC BOOLEAN mDebugIoPortFound = FALSE;
+ 
+ /**
+-  This constructor function does not have anything to do.
++  This constructor function checks if the debug I/O port device is present,
++  caching the result for later use.
+ 
+   @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
+ 
+@@ -27,5 +34,22 @@ PlatformDebugLibIoPortConstructor (
+   VOID
+   )
+ {
++  mDebugIoPortFound = PlatformDebugLibIoPortDetect();
+   return RETURN_SUCCESS;
+ }
++
++/**
++  Return the cached result of detecting the debug I/O port device.
++
++  @retval TRUE   if the debug I/O port device was detected.
++  @retval FALSE  otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortFound (
++  VOID
++  )
++{
++  return mDebugIoPortFound;
++}
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+index 83a118a0f7..b950919675 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLibDetectRom.c
+@@ -1,6 +1,6 @@
+ /** @file
+-  Constructor code for QEMU debug port library.
+-  SEC instance.
++  Detection code for QEMU debug port.
++  SEC instance, cannot cache the result of detection.
+ 
+   Copyright (c) 2017, Red Hat, Inc.<BR>
+   This program and the accompanying materials
+@@ -14,6 +14,7 @@
+ **/
+ 
+ #include <Base.h>
++#include "DebugLibDetect.h"
+ 
+ /**
+   This constructor function does not have anything to do.
+@@ -29,3 +30,19 @@ PlatformRomDebugLibIoPortConstructor (
+ {
+   return RETURN_SUCCESS;
+ }
++
++/**
++  Return the result of detecting the debug I/O port device.
++
++  @retval TRUE   if the debug I/O port device was detected.
++  @retval FALSE  otherwise
++
++**/
++BOOLEAN
++EFIAPI
++PlatformDebugLibIoPortFound (
++  VOID
++  )
++{
++  return PlatformDebugLibIoPortDetect ();
++}
+-- 
+2.14.3
+
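Review bot: In DebugLibDetect.c, mDebugIoPortFound is assigned only in PlatformDebugLibIoPortConstructor, so any DebugPrint or DebugAssert call that runs before this library's constructor sees the initial FALSE and its output is dropped silently even when the debug port is present. The previous patch lists PEI_CORE and DXE_CORE among the consumers of this instance; whether they log before library constructors run is not visible here and should be checked. Detecting lazily on first use in PlatformDebugLibIoPortFound removes that ordering dependency, as sketched below. As a style point, `PlatformDebugLibIoPortDetect();` in the constructor lacks the space before the parenthesis that the rest of these files use.

```c
STATIC BOOLEAN mDebugIoPortFound   = FALSE;
STATIC BOOLEAN mDebugIoPortChecked = FALSE;

// … unchanged: PlatformDebugLibIoPortConstructor, without the detection call …

BOOLEAN
EFIAPI
PlatformDebugLibIoPortFound (
  VOID
  )
{
  if (!mDebugIoPortChecked) {
    mDebugIoPortFound   = PlatformDebugLibIoPortDetect ();
    mDebugIoPortChecked = TRUE;
  }
  return mDebugIoPortFound;
}
```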
diff --git a/edk2.spec b/edk2.spec
index c1b229d..67a759e 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -2,10 +2,14 @@
 %global edk2_githash     92d07e4
 %global openssl_version  1.1.0e
 
+%if 0%{?fedora:1}
 %define cross 1
+%endif
 
 %ifarch %{ix86} x86_64
+%if 0%{?fedora:1}
 %define build_ovmf_ia32 1
+%endif
 %ifarch x86_64
 %define build_ovmf_x64 1
 %endif
@@ -25,7 +29,7 @@
 
 Name:           edk2
 Version:        %{edk2_date}git%{edk2_githash}
-Release:        1%{dist}
+Release:        2%{dist}
 Summary:        EFI Development Kit II
 
 Group:          Applications/Emulators
@@ -39,6 +43,7 @@ Source11:       build-iso.sh
 Source12:       update-tarball.sh
 Source13:       openssl-patch-to-tarball.sh
 
+# non-upstream patches
 Patch0001: 0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
 Patch0002: 0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
 Patch0003: 0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
@@ -57,13 +62,23 @@ Patch0016: 0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
 Patch0017: 0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
 Patch0018: 0018-ArmVirtPkg-set-early-hello-message.patch
 
+# upstream backports
+Patch0019: 0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
+Patch0020: 0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
+Patch0021: 0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch
+
+# submitted upstream
+Patch0022: 0022-OvmfPkg-make-it-a-proper-BASE-library.patch
+Patch0023: 0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
+Patch0024: 0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch
 
 %if 0%{?cross:1}
 # Tweak the tools_def to support cross-compiling.
-# These files are meant for customization, so this is not upstream.
+# These files are meant for customization, so this is not upstream too.
 Patch0099: 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
 %endif
 
+%if 0%{?fedora:1}
 #
 # actual firmware builds support cross-compiling.  edk2-tools
 # in theory should build everywhere without much trouble, but
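Review bot: Patches 0022–0024 are listed under `# submitted upstream` with nothing that lets a later maintainer find the submission or tell whether it was merged, while patches 0019–0021 each carry a `(cherry picked from commit …)` trailer inside the patch file. I would extend the comment to something like `# submitted upstream, not yet merged; replace with the upstream commits once they land` so the carried delta is re-checked on the next rebase. The reworded line `# These files are meant for customization, so this is not upstream too.` would read better ending in `so this is not upstream either.`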
@@ -71,6 +86,9 @@ Patch0099: 0099-Tweak-the-tools_def-to-support-cross-compiling.patch
 # (such as ppc), so lets limit things to the known-good ones.
 #
 ExclusiveArch:  %{ix86} x86_64 %{arm} aarch64
+%else
+ExclusiveArch:  x86_64 aarch64
+%endif
 
 BuildRequires:  python
 BuildRequires:  libuuid-devel
@@ -421,7 +439,12 @@ ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw          %{buildroot}/usr/share/AAVMF/
 
 
 %changelog
-* Tue Nov 14 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-6
+* Fri Nov 17 2017 Paolo Bonzini <pbonzini@redhat.com> - 20170209git296153c5-2
+- Backport patches 19-21 from RHEL
+- Add patches 22-24 to fix SEV slowness
+- Add fedora conditionals
+
+* Tue Nov 14 2017 Paolo Bonzini <pbonzini@redhat.com> - 20171011git92d07e4-1
 - Import source and patches from RHEL version
 - Update OpenSSL to 1.1.0e
 - Refresh 0099-Tweak-the-tools_def-to-support-cross-compiling.patch